CVE-2011-3952

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2011-3952

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2011-3952.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2011-3952

Downstream

DEBIAN-CVE-2011-3952

DSA-2494-1

Published

2012-08-20T18:55:02Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.

References

http://www.debian.org/security/2012/dsa-2494
http://www.ubuntu.com/usn/USN-1479-1
http://ffmpeg.org/
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=386741f887714d3e46c9e8fe577e326a7964037b
http://libav.org/

CVE-2011-3952

Affected packages